CVE-2019-13402

2019-07-0800:02:20

mitre

www.cve.org

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset.

References

xor.cat/2019/06/19/fortinet-forticam-vulns/